• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Root Security bulletin for Rooted users.

A little surprising that its not encrypted but really its not that big a deal. Definitely a little scary for those with exchange accounts that end up listed there though.

I have always been very careful with installing root apps. I stick to known devs and or apps with lots positive feedback when it comes to root apps. If you go installing every root app under the sun then you are asking to get hit with something malicious.
 
Upvote 0
I'm a little surprised that people didn't know that any "Remember my password" feature anywhere effectively stores passwords in plain text unless you enter a Master Password or similar. ("Keep me logged in" is somewhat different.) This isn't any more of an issue for Root users as normal users if there are active root exploits, since obviously a malicious app could then root an unrooted phone.

Such features trade security for convenience, so it's a design decision that can't really be made more secure. Effective encryption can only be used if the key is kept secret, which can't be done if your phone isn't asking you for a decryption key. Encrypting then storing the key in plaintext is completely pointless.

Even if passwords were securely stored, a malicious root app can install a rootkit. I won't go into specifics, but suffice to say at that point it's no longer "your" phone.

Required reading for owning an electronic device:
10 Immutable Laws of Security

For the curious, here's a follow-up set of articles that examine how well the previous one held up from it's publication in 2000 to 2008:
10 Immutable Laws of Security Revisited: Part 1
10 Immutable Laws of Security Revisited: Part 2
10 Immutable Laws of Security Revisited: Part 3
 
Upvote 0

BEST TECH IN 2023

We've been tracking upcoming products and ranking the best tech since 2007. Thanks for trusting our opinion: we get rewarded through affiliate links that earn us a commission and we invite you to learn more about us.

Smartphones